Ibm

Kenexa Lms On Cloud

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2016-6122

  • EPSS 0.18%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

5.4

CVE-2016-6123

  • EPSS 0.23%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

8.8

CVE-2016-6124

  • EPSS 2.67%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

5.4

CVE-2016-6125

  • EPSS 0.23%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

6.5

CVE-2016-6126

  • EPSS 0.64%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

5.4

CVE-2016-8911

  • EPSS 0.2%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's ...

4.3

CVE-2016-8912

  • EPSS 0.16%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

6.5

CVE-2016-8913

  • EPSS 0.64%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

5.4

CVE-2016-8920

  • EPSS 0.23%
  • Veröffentlicht 01.02.2017 20:59:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...

6.5

CVE-2016-5939

  • EPSS 0.25%
  • Veröffentlicht 01.02.2017 20:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.